Before starting the process, it is necessary to have an account with Amazon Web Services. It is quite important that our user’s account has a full granted access to AWS IoT and AWS IAM (Identity and Access Management) modules. For the latter option,
saving the access keys is strongly recommended, since these might not be found again on the same panel.

I.Configuring Intel Edison Board.

Intel provides on-line documentation which clearly explains how the board should be configured, once it has been correctly plugged. If a Windows environment is used, the easiest way to configure the board is by downloading the “Intel Edison Setup” app, which runs initial configuration step by step. However, this can be done on Linux or MacOS based systems without any inconvenience. This guide has been found to be very helpful to this complete process.

The process mentioned above is mainly dealing with connecting the board, and opening a serial connection with its occupied port at a 115200 bauds rate, as suggested on the guide. PuTTY might be used for this purpose if working on Windows. If accessing to the board OS for the first time, authentication info is Username: root | Password (blank).
Once the OS is duly authenticated, basic configuration, Wi-Fi connection and others can be configured by running the command configure_edison –setup.

II.Installing packages.

Initially, Python must be installed, for it is the programming language used in this example. Nevertheless, Intel Edison board is able to run any code written in C, C++, NodeJS, among others. Python current version may be easily verified by running the command python –version. Intel boards usually have Python 2.7 already installed.

Python package installer (pip) becomes a very useful tool when installing packages and complements. With its help, AWS CLI (Command Line Interface) should be installed. This one allows to control various AWS services, and can be installed by using (in the Edison terminal) the command: pip install awscli.

After installing the AWS CLI, reviewing the Access ID and the Access Key (obtained previously in AWS IAM module) is needed. To install these credentials, run the command aws configure and fill these blanks when required by the terminal.

In order to work with Python on AWS, the SDKs that allow communication between the device and the cloud must be installed. These development tools might be: AWSIoTPythonSDK, Boto3; according to the needed utilities. Both can be installed using pip, as follows:

A typical setup for this system may easily be found on the internet, like this one.

IV.Creating a Thing.

In AWS, a “Thing” is used to represent any real device, like a sensor, an actuator, a Beacon, or anything that can provide and/or receive data. It has several properties, like the thing type, definable attributes, and a Shadow, among other properties. A Shadow is a virtual representation of a Thing status in the cloud, so it is the one that symbolizes the status of its attributes on-line, even when the device disconnects. That is why the Shadow is so important when linking physical devices to AWS.

In order to create a Thing, go to AWS IoT panel → Things → Registry → Create, and it should be named after the physical device that it represents. The other attributes are optional.

V.Creating SSLs and Policies.

When aiming to provide safer communications between the devices and the cloud, AWS handles a certificate-and-policies-based security system. Each SSL must have a policy attached to it, and at the same time, these are attached to Things so they are allowed to communicate with other services or devices.

In order to create a SSL certificate, go to the AWs IoT panel → Security → Certificates → Create. Once there, creating a quick certificate is recommended. At the very moment of its creation, it is important to download the security keys that the process provides, including the “rootCA”, since they will be used eventually for the device authentication. Saving all these files on the same folder is also advised.

As to the policies, they should be created using a memorable name, and the actions and resources that they can modify must be expressed in the appropriate field. For the sake of this example, all IoT actions are allowed (iot:*), and can be applied over default resources (*). “Allow” option must be enabled on the platform, and then click on “Create”. That’s it.

Now, to link the Policy with the previous SSL certificate, go to the Certificate’s panel and choose “attach a policy”, afterwards select the correspondent policy. In the same panel, the certificate may be attached to a Thing, by entering the option “attach Thing”.

VI.Downloading security keys.

This step was implicit in the previous step. It is important, when creating the SSL, to download all the AWS security keys, including “Root CA”. They should be saved in an easy-to-remind location.

VII.Configuring AWS on the device.

Once the processor is accessed via SSH, the command aws configure should be used on the Edison terminal. This one allows to authenticate the device to AWS through validation of the following fields:

– AWS Access Key ID.
– AWS Secret Access.
– Region.
– Output format.

The first two fields of the list were obtained on the beginning on this guide, as IAM permissions were required. On that panel (IAM), as new IAM fields are created, new Access Key are created and should be saved by the user.
The Region field must match the previously selected region for the project. In this particular case, US-West-2 (Oregon) was chosen. It is good to clarify that the services do not work the same way in each region.
The Output format tells AWS the format in which data will be shared between nodes. It is a good option to use JSON format.
Once these fields are introduced, the device will be authenticated to the cloud.

VIII.Updating and listening to Shadow.

Amazon team has done a good job on documenting many of the functionalities that AWS provides. Among those, the release of information and code to update and receive data from Shadows of the Things. It is necessary to clarify that the mentioned codes are owned by them, and are protected by the Apache License v2.0, where publication and distribution rules are defined. In this example, Amazon codes “listenShadow.py” and “updateShadow.py” were implemented, both slightly modified (for the sake of the exercise) on auth keys and payload.

IX.Writing code.

As mentioned before, the program was written in Python (infrared_open.py). This, when required, imports the other files (updateShadow.py and listenShadow.py) to execute the communication. This is a simple, widely improvable example. Implementing daemons to start running on boot and optimizing the code is suggested. The sample code is available at our GitHub repository. Hope it is useful for you.